X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=security%2Fruntime%2Forg.argeo.security.ldap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2Fjcr%2FJcrUserDetailsContextMapper.java;fp=security%2Fruntime%2Forg.argeo.security.ldap%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fldap%2Fjcr%2FJcrUserDetailsContextMapper.java;h=537e01763c8a0507bdd4c8e60236b212694cb6c1;hb=118878eb12c8e142da7648cae3880754b34798b2;hp=5c6a88585ab4c4403fd251eff6edd72b3fa15cbe;hpb=528580a33f630f79c61caa1378b581cc13b2b8ed;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java
index 5c6a88585..537e01763 100644
--- a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java
+++ b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java
@@ -22,6 +22,7 @@ import org.argeo.jcr.JcrUtils;
 import org.argeo.security.jcr.JcrUserDetails;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.BadCredentialsException;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.encoding.PasswordEncoder;
@@ -108,13 +109,25 @@ public class JcrUserDetailsContextMapper implements UserDetailsContextMapper, /** @return path to the user home node */ protected String mapLdapToJcr(String username, DirContextOperations ctx) { + String usernameLdap = ctx.getStringAttribute(usernameAttribute); + // log.debug("username=" + username + ", usernameLdap=" + usernameLdap); + if (!username.equals(usernameLdap)) { + String msg = "Provided username '" + username + + "' is different from username stored in LDAP '" + + usernameLdap+"'"; + // we log it because the exception may not be displayed + log.error(msg); + throw new BadCredentialsException(msg); + } + try { + Node userHome = JcrUtils.getUserHome(session, username); if (userHome == null) userHome = JcrUtils.createUserHome(session, homeBasePath, username); String userHomePath = userHome.getPath(); - Node userProfile; // = userHome.getNode(ARGEO_PROFILE); + Node userProfile; // = userHome.getNode(ARGEO_PROFILE); if (userHome.hasNode(ARGEO_PROFILE)) { userProfile = userHome.getNode(ARGEO_PROFILE); } else {
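Review bot: The mismatch message built inside the new `if (!username.equals(usernameLdap))` block places the caller-supplied `username` and the LDAP-stored value, unescaped, into both `log.error` and the `BadCredentialsException` text. A username containing CR/LF can forge log lines, and if the exception message is ever rendered to the client (not visible from this hunk) it discloses the canonical username held in LDAP. I would keep the detail in the log only, with line breaks neutralised, and throw a generic message: `log.error(msg.replaceAll("[\\r\\n]", "_"));` followed by `throw new BadCredentialsException("Bad credentials");`. The comparison is case-sensitive and dereferences `username` without a null check, so a short comment such as `// exact match required: the JCR home path is derived from this value` would record that this is intentional, and the commented-out `log.debug` line can be dropped. The body of `mapLdapToJcr` continues past the end of the hunk.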